Configuring an SSL server on WebSphere

You can use the default self-signed server certificate that is installed in the WebSphere identity keystore and server truststore, or you can use a certificate from a certificate authority.

About this task

When WebSphere Application Server is installed, it generates a default self-signed server certificate. You can view the default certificate in the WebSphere administration console. You do not need to configure the server to use the default self-signed certificate.

If you want to use a certificate from a certificate authority, you must import the certificate.

Procedure

To import a third-party certificate:

  1. Log on to the WebSphere Integrated Solutions Console.
  2. Navigate to Security > SSL certificates and key management.
  3. Navigate to the signer certificates page, depending on the type of your WebSphere installation:
    Option Description
    WebSphere base edition or stand-alone environment Key stores and certificates > NodeDefaultTrustStore > Personal certificates
    WebSphere ND Key stores and certificates > CellDefaultTrustStore > Personal certificates
  4. Click Import.
  5. On the General Properties page, select the Key store file radio button, and complete the following actions:
    1. In the Key file name field, enter the fully qualified path to the keystore file that contains the certificate to import.
    2. From the Type list, select: JKS.
    3. In the Key file password field, enter the password for your certificate.
    4. Click Get Key File Aliases.
      The system searches the key store and populates the Certificate alias to import list.
    5. Optional: If you want to use a new alias, enter a new value in the Imported certificate alias field.
  6. Click Apply and OK.
  7. Save the configuration.